Funny problem about symmetric encryption - Security

This is a discussion on Funny problem about symmetric encryption - Security ; Hi all, I have a file encrypted with GPG symmetric encryption (CAST5). The passphrase had been given on command line (no keyring used). I happen to have the original file as well. I guess not but: is there a way ...

+ Reply to Thread
Results 1 to 20 of 20

Thread: Funny problem about symmetric encryption

  1. Funny problem about symmetric encryption

    Hi all,

    I have a file encrypted with GPG symmetric encryption (CAST5). The
    passphrase had been given on command line (no keyring used).
    I happen to have the original file as well.
    I guess not but: is there a way to retrieve the passphrase that I used
    to encrypt the file ?

    Thanks for any suggestion,

    AO



  2. Re: Funny problem about symmetric encryption

    Zawartość nagłówka ["Followup-To:" comp.os.linux.security.]
    On 14.11.2006, Alexandre Oberlin wrote:
    > I have a file encrypted with GPG symmetric encryption (CAST5). The
    > passphrase had been given on command line (no keyring used).
    > I happen to have the original file as well.
    > I guess not but: is there a way to retrieve the passphrase that I used
    > to encrypt the file ?


    Assume that there is way to retrieve passphrase. What then would be
    encryption for?

    And remember to set Followup-To: header when crossposting.

    --
    Niektórzy lubią dozziego...
    Oczywiście szanujemy ich.
    Stanislaw Klekot

  3. Re: Funny problem about symmetric encryption

    Alexandre Oberlin wrote:

    > Hi all,
    >
    > I have a file encrypted with GPG symmetric encryption (CAST5). The
    > passphrase had been given on command line (no keyring used).
    > I happen to have the original file as well.
    > I guess not but: is there a way to retrieve the passphrase that I used
    > to encrypt the file ?
    >
    > Thanks for any suggestion,
    >
    > AO


    I dont think there is a way. First you would have to get the hashed key from
    the file, then convert it back into the passphrase. Both is one-way ..

  4. Re: Funny problem about symmetric encryption

    Markus Tervooren wrote:
    > Alexandre Oberlin wrote:
    >
    >> Hi all,
    >>
    >> I have a file encrypted with GPG symmetric encryption (CAST5). The
    >> passphrase had been given on command line (no keyring used).
    >> I happen to have the original file as well.
    >> I guess not but: is there a way to retrieve the passphrase that I used
    >> to encrypt the file ?
    >>
    >> Thanks for any suggestion,
    >>
    >> AO

    >
    > I dont think there is a way. First you would have to get the hashed key from
    > the file, then convert it back into the passphrase. Both is one-way ..

    So it seems I guessed right...
    The strange thing is that I managed to enter twice the same BAD
    password. Must have been tired !

    Thank you,

    AO

  5. Re: Funny problem about symmetric encryption

    Stachu 'Dozzie' K. wrote:
    > Zawartość nagłówka ["Followup-To:" comp.os.linux.security.]
    > On 14.11.2006, Alexandre Oberlin wrote:
    >> I have a file encrypted with GPG symmetric encryption (CAST5). The
    >> passphrase had been given on command line (no keyring used).
    >> I happen to have the original file as well.
    >> I guess not but: is there a way to retrieve the passphrase that I used
    >> to encrypt the file ?

    >
    > Assume that there is way to retrieve passphrase. What then would be
    > encryption for?

    Maybe for those who don't have the original file ? ;-)

    > And remember to set Followup-To: header when crossposting.

    Oops! sorry.




  6. Re: Funny problem about symmetric encryption

    Alexandre Oberlin wrote:

    > Markus Tervooren wrote:
    >> Alexandre Oberlin wrote:
    >>
    >>> Hi all,
    >>>
    >>> I have a file encrypted with GPG symmetric encryption (CAST5). The
    >>> passphrase had been given on command line (no keyring used).
    >>> I happen to have the original file as well.
    >>> I guess not but: is there a way to retrieve the passphrase that I used
    >>> to encrypt the file ?
    >>>
    >>> Thanks for any suggestion,
    >>>
    >>> AO

    >>
    >> I dont think there is a way. First you would have to get the hashed key
    >> from the file, then convert it back into the passphrase. Both is one-way
    >> ..

    > So it seems I guessed right...
    > The strange thing is that I managed to enter twice the same BAD
    > password. Must have been tired !
    >
    > Thank you,
    >
    > AO


    I could only think of some brute-force-ing, if passphrase is short (<6
    Chars)

  7. Re: Funny problem about symmetric encryption

    Markus Tervooren wrote:
    > Alexandre Oberlin wrote:
    >
    >> Markus Tervooren wrote:
    >>> Alexandre Oberlin wrote:
    >>>
    >>>> Hi all,
    >>>>
    >>>> I have a file encrypted with GPG symmetric encryption (CAST5). The
    >>>> passphrase had been given on command line (no keyring used).
    >>>> I happen to have the original file as well.
    >>>> I guess not but: is there a way to retrieve the passphrase that I used
    >>>> to encrypt the file ?
    >>>>
    >>>> Thanks for any suggestion,
    >>>>
    >>>> AO
    >>> I dont think there is a way. First you would have to get the hashed key
    >>> from the file, then convert it back into the passphrase. Both is one-way
    >>> ..

    >> So it seems I guessed right...
    >> The strange thing is that I managed to enter twice the same BAD
    >> password. Must have been tired !
    >>
    >> Thank you,
    >>
    >> AO

    >
    > I could only think of some brute-force-ing, if passphrase is short (<6
    > Chars)

    Seven chars, except if my fingers did some stammering...
    I already tried brute force in a batch with the most likely errors
    (CAPS, neighbour key, repeated key), without success.
    One thing I remember is that I had changed my keymap about the time this
    problem showed up, but for a very similar keymap though. The files are
    usually decoded in X and recoded at logout when X has exited.

    Cheers,

    AO

  8. Re: Funny problem about symmetric encryption

    On Tue, 14 Nov 2006 18:36:16 +0100, Alexandre Oberlin wrote:

    > Hi all,
    >
    > I have a file encrypted with GPG symmetric encryption (CAST5). The
    > passphrase had been given on command line (no keyring used).
    > I happen to have the original file as well.
    > I guess not but: is there a way to retrieve the passphrase that I used
    > to encrypt the file ?
    >
    > Thanks for any suggestion,
    >
    > AO


    You are hoping for a "known plaintext attack",
    and it does make it easier to crack the key,
    but it will probably still take a LOT of work.
    .... try the sci.*crypto* groups and work for years...

    You are trying to defeat the very point of crypto.
    Good luck.
    Brute force on a short key is your best hope in the short term.

  9. Re: Funny problem about symmetric encryption

    > I guess not but: is there a way to retrieve the passphrase that I used
    > to encrypt the file ?


    You need to attack the passphrase, ie try to find it by trying some
    passphrases and see if you can decrypt the file.

    Without any advantage, the issue of the attack depends on the strength
    of the passphrase.

    Since you seem to be the one who originally set the passphrase, you can
    think of how you build (or used to build) passphrases: do you use a
    particular method, like using a well known sentence, replacing some
    letters with numbers, or any other possible method? Such a reflexion
    might allow you to define one or several algorithms to construct
    (potentially very big) lists (dictionaries) of passphrases to test.
    Such an "intelligent" dictionary attack has more chances to be
    successful than a brute force attack. And who knows? Maybe you remember
    the passphrase?

    Kind regards
    Ludovic


  10. Re: Funny problem about symmetric encryption

    Mike Anonymous Coward wrote:

    > You are hoping for a "known plaintext attack",
    > and it does make it easier to crack the key,
    > but it will probably still take a LOT of work.

    I read on http://bent.latency.net/crypto/crypto-summary.html.gz
    that "known plain text" does not help a lot with good symmetric ciphers.

    I am getting ready to forget about a month of saved notes, but what is
    exasperating is that I don't understand what happened, so it could very
    well happen again.


    The best evidence of intelligent life out there, is that none of them
    have contacted us.
    -- Anonymous

    Alexandre Oberlin
    http://www.migo.info/

  11. Re: Funny problem about symmetric encryption

    Ludovic Joly wrote:
    >> I guess not but: is there a way to retrieve the passphrase that I used
    >> to encrypt the file ?

    >
    > You need to attack the passphrase, ie try to find it by trying some
    > passphrases and see if you can decrypt the file.
    >
    > Without any advantage, the issue of the attack depends on the strength
    > of the passphrase.
    >
    > Since you seem to be the one who originally set the passphrase, you can
    > think of how you build (or used to build) passphrases: do you use a
    > particular method, like using a well known sentence, replacing some
    > letters with numbers, or any other possible method? Such a reflexion
    > might allow you to define one or several algorithms to construct
    > (potentially very big) lists (dictionaries) of passphrases to test.
    > Such an "intelligent" dictionary attack has more chances to be
    > successful than a brute force attack. And who knows? Maybe you remember
    > the passphrase?
    >


    Well I did exactly that: tried some thousands of possible typing errors
    from the passphrase that I currently use for such things (mixed letters
    and digits from an azerty keyboard).
    Yet the mystery persists...
    I have been wondering if there was not an obscure keymap related problem.

    Thanks for your hints,

    AO


    --
    The best evidence of intelligent life out there, is that none of them
    have contacted us.
    -- Anonymous

    Alexandre Oberlin
    http://www.migo.info/

  12. Re: Funny problem about symmetric encryption

    Alexandre Oberlin wrote:
    > I am getting ready to forget about a month of saved notes, but what is
    > exasperating is that I don't understand what happened, so it could very
    > well happen again.


    I don't follow you now - don't you have a copy of the plaintext file?

    To try to understand what happened, you can go through the same
    manipulations with a bogus file and see if the problem can be
    reproduced.


  13. Re: Funny problem about symmetric encryption


    Alexandre Oberlin wrote:
    > Mike Anonymous Coward wrote:
    > > You are hoping for a "known plaintext attack",
    > > and it does make it easier to crack the key,
    > > but it will probably still take a LOT of work.

    > I read on http://bent.latency.net/crypto/crypto-summary.html.gz
    > that "known plain text" does not help a lot with good symmetric ciphers.



    All good ciphers resist known plaintext attacks. It is one of the most
    fundamental requirements of cryptography. All good ciphers also resist
    chosen plaintext attacks, where not only does the attacker know the
    plaintext, he can also ask for anything he wants to be encrypted.

    If it didn't resist known plaintext attacks, then sending an encrypted
    email would be broken, since many email's often start with "Dear So and
    So" and end with "Sincerely." Or take a Word document with it's tons of
    metadata that is generally constant across all documents. Or an
    encrypted hard drive with tons of system binaries/libraries that the
    attacker knows all the plaintext to.

    -Matt


  14. Re: Funny problem about symmetric encryption

    On Thu, 16 Nov 2006 00:38:04 +0100, Alexandre Oberlin wrote:

    > I am getting ready to forget about a month of saved notes, but what is
    > exasperating is that I don't understand what happened, so it could very
    > well happen again.


    Note that if you encrypt with a public key, rather than with
    a manually entered passphrase, your risk of disaster during
    encryption is greatly reduced.

    --
    To email me, substitute nowhere->spamcop, invalid->net.

  15. Re: Funny problem about symmetric encryption


    Peter Pearson wrote:
    > Note that if you encrypt with a public key, rather than with
    > a manually entered passphrase, your risk of disaster during
    > encryption is greatly reduced.


    Except that you now need to protect the private key. You can store that
    on a disk/key fob, but you can lose that. Actually I lose physical
    items more than I forget passphrases. Or you can encrypt the private
    key under a symmetric key (like most software does). Now you have to
    remember that key, so you are back at square one.


  16. Re: Funny problem about symmetric encryption


    >Peter Pearson wrote:
    >> Note that if you encrypt with a public key, rather than with
    >> a manually entered passphrase, your risk of disaster during
    >> encryption is greatly reduced.

    >
    >Except that you now need to protect the private key. You can store that
    >on a disk/key fob, but you can lose that. Actually I lose physical
    >items more than I forget passphrases. Or you can encrypt the private
    >key under a symmetric key (like most software does). Now you have to
    >remember that key, so you are back at square one.


    An important trick is that you can add extra data (checksum)
    to the info protected by the passphrase so if you mistype
    the passpharse you get an error message rather than encrypting
    your data with a key you won't be able to recover.

    --
    The suespammers.org mail server is located in California. So are all my
    other mailboxes. Please do not send unsolicited bulk e-mail or unsolicited
    commercial e-mail to my suespammers.org address or any of my other addresses.
    These are my opinions, not necessarily my employer's. I hate spam.


  17. Re: Funny problem about symmetric encryption

    On 16 Nov 2006 12:40:07 -0800, Matthew Fanto wrote:
    >
    > Peter Pearson wrote:
    >> Note that if you encrypt with a public key, rather than with
    >> a manually entered passphrase, your risk of disaster during
    >> encryption is greatly reduced.

    >
    > Except that you now need to protect the private key. ...


    Exactly. So it's not a clouds-part-and-sun-shines-and-birds-sing
    kind of solution. In fact, it's a solution that I've
    consciously *not* used myself, so far: I keep my password
    library in an encrypted text file, and the shell script that
    I run to edit that file re-encrypts it by asking me (twice)
    for the encryption pass-phrase: that's pretty much the OP's
    modus operandi. Inspired by his predicament, I'm considering
    switching to the strategy of re-encrypting using my public
    key. This will (1) save re-entering the pass-phrase twice
    while re-encrypting and (2) eliminate the risk posed by
    re-encryption-time brain fuddle, at the cost of making my
    password library hostage to my private key. My private key,
    however, is encrypted under my very best pass-phrase, and is
    backed up in many places, including friends' and relatives'
    hard drives. So if I can just remember that one pass-phrase,
    all other pass-phrases are at my fingertips.

    --
    To email me, substitute nowhere->spamcop, invalid->net.

  18. Re: Funny problem about symmetric encryption

    Ludovic Joly wrote:
    > Alexandre Oberlin wrote:
    >> I am getting ready to forget about a month of saved notes, but what is
    >> exasperating is that I don't understand what happened, so it could very
    >> well happen again.

    >
    > I don't follow you now - don't you have a copy of the plaintext file?
    >

    I have a directory where I store a bunch of personal files.
    I wrote scripts to encode or decode them all in a row, with the same
    manually entered key. I usually don't modify ALL files in an editing
    session. That's why.

    > To try to understand what happened, you can go through the same
    > manipulations with a bogus file and see if the problem can be
    > reproduced.
    >


    Alexandre Oberlin
    http://www.migo.info/

  19. Re: Funny problem about symmetric encryption

    Ludovic Joly wrote:

    > To try to understand what happened, you can go through the same
    > manipulations with a bogus file and see if the problem can be
    > reproduced.

    In a way that's what I'm doing since this incident : I encode the
    passphrase I type using my public key, then armor it and log it.
    $> echo $pass | gpg -e --default-recipient-self | gpg --enarmor >
    /tmp/lastpasswd.txt
    In case of problem I can retrieve it with
    $> cat /tmp/lastpasswd.txt | gpg --dearmor | gpg -d

    So if one time I happen to get into the same state of tiredness I was
    that morning when I logged out I will be done ;-)

    AO

  20. Re: Funny problem about symmetric encryption

    Peter Pearson wrote:
    <...>
    > So if I can just remember that one pass-phrase,
    > all other pass-phrases are at my fingertips.


    "One passphrase to rule them all, One passphrase to find them,
    One passphrase to bring them all and in the darkness bind them"


+ Reply to Thread